How do i forward the syslog from my modem to pc on lan.

RouterOS Beginner Basics
1

Hi Everyone i apologize if this has been covered previously but i could not find it , i want to receive the syslog messages to a computer on my lan 192.168.1.87 from my modem 192.168.0.2 connected to my MikroTik Router 192.168.1.1.

I can access the modems web config after adding a nat rule but am not recieving the logs on my pc do i need to forward a port or something ? Below is my current configuration.

Modem is connected to the WAN port of the router , PC is connected via an Ethernet switch on port 5.

Draytek Vigor 120 in bridge mode
Modem IP 192.168.0.2, Subnet 255.255.255.0

Routeros 6.34.2 RB951G-2HnD
Router IP 192.168.1.1
Ether1-Gateway IP 192.168.0.1/24 network 192.168.0.0

NAT Rule srcnat , out interface ether1-gateway , masquerade , Dst. Address 192.168.0.0/24

( I put in this nat rule after searching the forums and it has worked to enable access to the modems web config but i cannot receive syslog)

2

You will need to have a dst-nat rule back into your network to your PC over a specific port. Now keep in mind this is not the correct syntax as I am not in front of my CCR at the moment.

Basically:
action=dst-nat dst-ip=192.168.0.1 dst-port=xxx to-address=192.168.1.87 to-port=xxx

192.168.0.1 appears to be, based on your text, the WAN IP of your Mikrotik.

You may also need to setup a firewall “accept” rule for the inbound traffic depending on the rest of your config.

3 
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=pppoe-out1
add action=masquerade chain=srcnat dst-address=192.168.0.0/24 out-interface=\
    ether1-gateway
add action=dst-nat chain=dstnat comment="Modem logs" dst-address=192.168.0.1 \
    dst-port=514 protocol=udp to-addresses=192.168.1.87 to-ports=514

This is current config after trying your suggestion , if you need any other info please tell me what you need i obtained this by using terminal in winbox and typing

ip firewall nat export

But that is the only export command i know of so if you need more info please tell me what commands i can use to give it to you.

4

The src-nat rule should, either, use the WAN interface or the WAN IP and not the whole /24 network. There are times when you would, I just don’t see any reason you would at the moment.

The dst-nat rule looks good. On the modem, how is it configured to send logs? What IP is it sending to?

I would also look at the firewall. I believe the command would be /ip firewall filter print. If I remember correctly off the top of my head, that should show if there are any firewall rules in place.

I would also take a look at the log file on the Mikrotik while you know for sure the modem is attempting to send the file, that way you can see what messages appear in the logs. You could look for various messages indicating what problem the router has with the traffic.

5

The src-nat rule should, either, use the WAN interface or the WAN IP and not the whole /24 network. There are times when you would, I just don’t see any reason you would at the moment.

Hows This now i changed it and can still access the webgui :slight_smile: thanks for the advice.

[admin@MikroTik] > ip firewall nat export  
# feb/25/2016 00:10:50 by RouterOS 6.34.2
# software id = XY8B-YCVP
#
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=ether1-gateway
add action=dst-nat chain=dstnat comment="Modem logs" dst-address=192.168.0.1 \
    dst-port=514 protocol=udp to-addresses=192.168.1.87 to-ports=514



The dst-nat rule looks good. On the modem, how is it configured to send logs? What IP is it sending to?

Its configured via the web interface syslog access setup to send to 192.168.1.87 port :514

I would also look at the firewall. I believe the command would be /ip firewall filter print. If I remember correctly off the top of my head, that should show if there are any firewall rules in place.

Here it is

[admin@MikroTik] > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; default configuration
      chain=forward action=accept connection-state=established log=no 
      log-prefix="" 

 1    ;;; default configuration
      chain=forward action=accept connection-state=related log=no log-prefix="" 

 2    ;;; default configuration
      chain=forward action=drop connection-state=invalid log=no log-prefix="" 

 3    chain=input action=accept protocol=icmp log=no log-prefix="" 

 4    chain=input action=accept connection-state=established log=no log-prefix="" 

 5    chain=input action=accept connection-state=related log=no log-prefix="" 

 6    chain=input action=drop in-interface=pppoe-out1 log=no log-prefix=""



I would also take a look at the log file on the Mikrotik while you know for sure the modem is attempting to send the file, that way you can see what messages appear in the logs. You could look for various messages indicating what problem the router has with the traffic.

Can i see that via the log button on the left in winbox or do you mean the firewall connection logs ?

6

There is part of your problem; your modem doesn’t know where 192.168.1.87 is. You need to “point” it at your Mikrotik interface of 192.168.0.1.

If the above recommendation does not fully fix the issue add:

(again, check the syntax - don’t just copy it over)
add chain-input action=accept in-interface=ether1 dst-port=514 log=no log-prefix=“”

Best would be log button on the left in WinBox.

7

I changed the modem configuration via the web ui to send to the syslog to server ip 192.168.0.1 my WAN ip instead of the pc and now it is working i can receive the logs on my pc using Drayteks syslog application.

8

Your help is much appreciated thank you for your time.